Slashdot Mirror

← Back to Stories (view on slashdot.org)

You Need Not Be Paranoid To Fear RFID

Posted by Zonk on from the tales-of-horror dept.

An anonymous reader writes "A story at the Boston Globe covers extensive privacy abuses involving RFID." From the article: "Why is this so scary? Because so many of us pay for our purchases with credit or debit cards, which contain our names, addresses, and other sensitive information. Now imagine a store with RFID chips embedded in every product. At checkout time, the digital code in each item is associated with our credit card data. From now on, that particular pair of shoes or carton of cigarettes is associated with you. Even if you throw them away, the RFID chips will survive. Indeed, Albrecht and McIntyre learned that the phone company BellSouth Corp. had applied for a patent on a system for scanning RFID tags in trash, and using the data to study the shopping patterns of individual consumers." I think they may be going a little overboard with their stance, but it's always interesting to talk about.

24 of 509 comments (clear)

  1. Just put them in your microwave by Anonymous Coward · · Score: 5, Interesting

    Whenever you purchase something, just fry the RFID chip by putting the stuff for 15 seconds in your microwave. Problem solved.

    (Or just use cash).

    1. Re:Just put them in your microwave by moro_666 · · Score: 4, Interesting

      since the rfid chips are all still based on common electronic circuits and microchips, you should just emit a strong enough emp signal at it, and it's fried ... and at least dvd disks and cd-roms should survive it quite well ... ( i wouldnt try it on the microwave :p )

      when they make rfid based paying cards ... then emitting an emp signal at a store full of rfid card users could mean a lot of fun at the cashier :)

      note that you dont need a nuclear bomb to create an emp wave, even smaller tools can do it, like the one linked to here.

      http://en.wikipedia.org/wiki/Explosively_pumped_fl ux_compression_generator

      passive rfid chips are especially vulnerable to this because they by themselves rely on the signal energy to respond at all.

      --

      I'd tell you the chances of this story being a dupe, but you wouldn't like it.
    2. Re:Just put them in your microwave by Kaiwen · · Score: 2, Interesting
      If Americans can be educated to equate dollar coins with lower taxes (not that big of a stretch) I think you'll find resistance decreasing.

      This argument fails to take into account one of the great universal principles of budgetary politics: politicians spend money, they never give it back. Thirty milliseconds after the mints realize their first dollar in savings, every politician in Washington will be lined up with a minimum of three proposals apiece on alternative ways to spend it, most of them involving the pocket linings of their bigger contributors back home.

      Lee Kaiwen, Taiwan

    3. Re:Just put them in your microwave by fredklein · · Score: 2, Interesting

      The point I was trying to make is that two dollar bills have been around for decades, and people are STILL ignorant of them.

      And again, simple ignorance about one subject does not equal "fanatical opposition to being educated".

      How often do you have 20 singles in your pocket? (And strip clubs don't count.)

      Quite often. You see, ATMs give out $20 bills. Take out, say $100 and then use a $20 to pay for $5.99 purchase, and get $14 back, usually as a 10 and 4 ones. Repeat 5 times, and viola- $20 in singles.

      Besides I didn't say "$20 in singles", I said "$20 in bills".

      Stupid people need to be protected from themselves.

      That is most often said by those who a)don't see themselves as stupid, and b)think they'd be the perfect ones to do the "protecting".

      They are usually wrong on both counts.

    4. Re:Just put them in your microwave by slumos · · Score: 2, Interesting

      First point stipulated. However the Sacagawea a.k.a Golden dollar:

      • Was easily distiguishable from the quarter by size, weight, color, and texture (specifically, having smooth sides in contrast to the quarter's ridges);
      • Was quickly adopted by vending machines. For example, all of the vending machines on my campus were able to take them before I could even get one. After all, coins are much easier to take than bills. The SBA had failed before vending machine started to take dollars at all--I'm sure the vending machine companies would really have prefered SBAs to inventing bill scanners;
      • Was promoted much more strongly than any newly introduced money before it, although I have to admit to getting some dirty looks for tipping with golden dollars at first.

      On the other hand, there was really poor distribution. I had to go to my bank to get them, and often they did not have even a single full roll on hand (!). These days, my only source for dollars is the vending machines at the post office. And I don't buy nearly enough stamps to make that a viable option.

  2. I see a market.. by jcr · · Score: 4, Interesting

    ...for RFID-killers. Shouldn't need more than a watt or so at the right frequency to kill the chip.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
    1. Re:I see a market.. by dawggy_daddy · · Score: 2, Interesting

      1. Or an RFID reader killer.
      2. Cash is being phased out to the ubiquitous 'magnetic identification' tag found on credit and atm cards and very soon on passports.
      3. Toll booth passes ( like the EZpass in the northeast U.S. ) are already in great use. Just place a EZpass reader unobtrusively on a intersection traffic light to catch speeders or red light runners. Why do drivers on toll roads speed when calculating their speed by the amount of time between entry and exit of the toll road or speed through the EZpass toll booth reader ( I've been dinged by this already ) is trivial.
      5. The market is ripe for mu-metal EZpass storage containers. Or 'Faraday shielding' ( SCIF ) for your automobile or house.
      6. Even my two doggies have RFID tags implanted, the vetinarian can read it, but when I'm walking them, so can 'big-brother'. Do I need 'mu-metal' woven into vests or collers for them.

      Am I being too paranoid?

  3. Shopping patterns by Jugalator · · Score: 4, Interesting

    What's so bad about studying them?

    Like with Google ads, if I have to live with ads, I much prefer directed ones with at least some research behind them than undirected ones. In other words -- in this case with shoes, if they wished to send me ads by mail, I'd rather only get ads for men in my age than women and kids.

    Of course, connecting these studies to other databases from other companies could make it very wrong, but that's another problem I think need other laws (unless there aren't any already -- IANAL).

    And at least where I live, there are already laws against storing personally identifiable data in a database, such as your social security number. I guess age, gender, and other purely statistical data don't fall under this law, and I don't see a compelling reason to why it should. Is it really such a big deal?

    --
    Beware: In C++, your friends can see your privates!
    1. Re:Shopping patterns by gr3g · · Score: 2, Interesting

      One thing that I worry about in targeted advertising is my ability to abstain. Even without ads targeted specifically to my tastes I have a problem with buying too much crap, I don't need my psyche pummeled into submission by seeing things I *need* put on display all the time. I have come to the realization that I am no different than that child many years ago who was way too tempted by the check-out isle displays of candy, only now my desires have shifted to electronics and gadgets (oh to desire .$50 items again!)

      So for the hope of one day coming out of debt, I say no to the targeted ads.

      --
      "It has always been this way and it won't change, god bless the fucked up USA" The Briefs
    2. Re:Shopping patterns by Illserve · · Score: 2, Interesting

      It is a big deal, because directed advertising is more profitable.

      And because it's more profitable there will be more of it.

      So given the choice of less undirected advertising and more directed advertising, I'll take the former.

      Also, directed advertising is harder to ignore. The more they know about how your brain works the better they'll be able to create ads that draw your attention to them.

  4. Calm Down: You're Being Paranoid by Anonymous Coward · · Score: 3, Interesting

    Come on, people, think about it. RFID on everything? It's not going to happen. The statistical data gained would be horribly inaccurate because nobody would ever know whether or not you're actually the one wearing the shoes. For instance, what if they were a gift for somebody 3,000 miles away?

  5. Ubiquity by the+bluebrain · · Score: 5, Interesting

    Looking at the way the **AA are carpet-bombing all and sundry with outree requests in support of their business model - in the hope that the odd one will stick - once RFID tech is used widly, I foresee a future where first major brands, then other retailers and law enforcement will be making similar requests, more or less "because it's technically possible".

    => EULA when you buy a Ralph Lauren shirt, making it illegal to disable the tag?
    => Extra tax if you nuke your trash before putting it by the roadside? ("WallMart has a right to know!")
    => Automatic searches at the airport when a scan of your luggage turns results that deviate from the norm?
    => A new "coming of age" rutual, whereby you have your mandatory kiddy-goes-to-school tag removed when you turn 18 21?

    --
    yes, we have no bananas
    1. Re:Ubiquity by dajak · · Score: 2, Interesting

      Looking at the way the **AA are carpet-bombing all and sundry with outree requests in support of their business model - in the hope that the odd one will stick - once RFID tech is used widly, I foresee a future where first major brands, then other retailers and law enforcement will be making similar requests, more or less "because it's technically possible".

      That makes sense. The most basic tests for legislative drafting we use here in the Netherlands are: 1) it is possible to comply efficiently (= without disproportionate economic side-effects), and 2) compliance is effectively and efficiently enforceable. That's why minor immorality like softdrugs and prostitution are 'tolerated', and capital gains tax is for instance charged on a fictional gain of 4% instead of the actual amount which is too easy to misrepresent. Many of our small liberties are based on little more than lack of enforceability. Off-topic sneer: the US legislator doesn't have a reputation of taking enforceability very seriously.

      We need fundamental debate on privacy, copyright and fair use, patents etc. instead of complaining how the new regimes are more restrictive than the old ones like most critics do. That has never been a valid argument. We need to face the fact that the majority of the population would happily prohibit anything they don't do, like, or understand if it can be done efficiently without too much inconvenience to them. The tolerance (or should I call it political correctness?) taught by the 17th century religious wars and WWII seems to be wearing off again.

  6. I hate to break it to you... by Anonymous Coward · · Score: 5, Interesting

    ...but this already happens WITHOUT RFID. I work for a marketing company (who will remain nameless, and hence why I'm posting as an AC) who's work is partly geared toward this sort of work. You go to a store. You pay with a credit card. It stores your CC # (in an undecryptable hash format of course) and what items you bought. It looks for patterns and even gives competitors a chance to gain your marketshare. If Pepsi wants Coke marketshare they can pay us to print a coupon for the guy who buys Coke everytime he goes to the grocery store. We don't need RFID for someone to be monitoring our purchases.

    1. Re:I hate to break it to you... by SimilarityEngine · · Score: 2, Interesting

      But now: you go to a store, you pay with cash, and the f**kers can still snoop on your spending habits by scanning the RFID tags in your trash, without even getting their hands dirty.

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  7. Mistaken Identity! by ami-in-hamburg · · Score: 5, Interesting

    Ok, you buy a second hand jacket. I wouldn't, but a lot of people do. The tag has been connected with a child rapist by the FBI. You go to the train station. You get scanned.

    Suddenly, 15 FBI agents slam your face into the dirty floor and take you away for questioning in hand cuffs. You submit to a DNA test (no, not like the CSI TV show, it really does take a long time). It will take days if not weeks to prove they got the wrong person !!! In the meantime, there is no way they are going to let you out.

    Since perception is reality, you lose your job, your wife, your friends, etc...etc... because you're a deviant child molester. I mean, you must be, the evening news said you're a suspected deviant so it must be true.

    Perhaps a little bit extreme for an example but not out of the range of RFID possibility.

  8. Shoplifters have already worked this out by Zog+The+Undeniable · · Score: 3, Interesting

    Shoplifters in Manchester, England, put small high-value items into a metal biscuit tin lined with aluminium foil (a bit of overkill there) which is supposed to screen the RFID tags from the sensors by the door. I saw it on a documentary about junkies last week - it's common for the police to find these tins in their houses along with the usual drug paraphernalia.

    --
    When I am king, you will be first against the wall.
  9. I would like to place a bet with you. by hummassa · · Score: 3, Interesting

    Coins will be made of plastic (the rfid being the way of authenticating them) before 2020.

    --
    It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
  10. You should be more paranoid by o0SupaCB0o · · Score: 5, Interesting

    They don't need RFID to collect anymore information than they already.

    I've seen the amount of information they collect at these POS systems. You use a credit/debit card, your card encodes your zip code, first name, last name. Your purchase is collected already by scanning the item into the register.

    Your info is then sent to the 3 credit bueraus and your infor is merged with those large databasese. If you give your email to the retailer, your email is attached to your credit report. Through those credit reports the credit bueraus then sends back your address to the retailer and all other information the retailer can afford.

    Your information is already available in catalog dealers, your internet info is available at experian online (yup experian started an internet division). How much you make and how much own is already available at experian, transunion and can't remember the last one.

    The retailer already got the information they need, RFID is just a way to track inventory, really no joke. RFID does not add any additional information that the retail/catalog industry does not already have. Oh yea, they used to be able to get large amount of info through the DMV before 9/11.

    Experian will sell your info to ANYBODY at the right price, private detective already have this ability, without license. Now the funny thing is the only person that has a hard time getting your info, is yourself! Oh yea don't get me started on the 2 files they keep, one public one that you see, and one that is hidden, that keeps every single transactions you've made in your life. the law says some items fall off the report, but the hiden one is available to anybody with money and can make your life horrible. There are no laws saying that your bank need to tell you they based their decision on this second file. So you think your report is clean, but the hidden one says otherwise. Oh yea that second one contains all your purchase habbits too.

    God where's my hat? I can't see an after market of people scanning garbage from a particular locale/district etc. The marketing drones already have this information. Retailers routinely sell their lists to each other. Catelogs company give them to each other as "gifts". Or worse TRADED like comodity. You people are not paranoid enough!

    1. Re:You should be more paranoid by Reziac · · Score: 2, Interesting

      Costco (and probably every "membership" store of any sort) keeps a complete record of everything you ever bought there -- you can still return stuff for a refund even if you don't have the receipt, because they can instantly look up your purchase history to see if you bought the item there or not.

      My VISA card sends me a year-end statement that itemizes *every* time I used the card for the past year.

      So those are two that I know for a fact keep my complete purchase history for at least a year. (And I can pull my Edison records online going back about three years, tho I know they have more on file since I did once order it back to the beginning of my current account.)

      This isn't very much data in terms of raw bytes; for myself, I'd estimate my annual total for all such data (including not only purchases, but also my mortgage, phone, electric, etc.) is less than 10k. Given today's storage arrays, that's pretty trivial, even if there's an entry for every man, woman, and child.

      Anyway, the "hidden file" theory may have escaped from an ill-fitted tinfoil hat, but there are already outfits that keep ALL your transaction data. And you may not have control over whether that is used only for non-personally-identifiable marketing (not a problem) or something more nefarious (see someone's post above about the slip-and-fall lawsuit where the store brought the guy's purchasing record into court, trying to prove he was a drunk. This was a real case, BTW.)

      --
      ~REZ~ #43301. Who'd fake being me anyway?
  11. RFID, making theft easier by Dark+Fire · · Score: 2, Interesting

    Theft and Burglary have just gotten easier with the aid of RFID technology. Now you can find out what is in someone's home or business just by driving by the building! No need to waste your time trying to profile homes and select the most profitable targets. Just drive through the neighborhood and make out your Christmas list. Point and click profiling. Brought to you by IBM.

  12. Re:Some things you might want to keep private. by Rob+the+Bold · · Score: 4, Interesting
    1. Your drinking habits. . .

    2. Your method of birth control. . .

    3. Medications especially for things like anti-depressants or treatments for STDs. . .

    4. The books you read. . .

    All of these things can be used against you by your employer or insurance company.

    HOW? You can't just throw FUD out there and hope it sticks. How these things could be used against you?

    Just a few examples off the top of my head.

    1. Alcohol. Higher insurance premiums for drinkers, or heavy drinkers, or malt-liquor drinkers. The question of did he or did he not actually consume it would be irrelevant for the users of the data, they're not trying to prove it in a court of law, they're just using it as an excuse.

    2. Birth Control. Again, higher insurance premiums for people who use too many (or too few) condoms. Increased risk of STDs and pregnancy. Or maybe you're the IT director at some fundamentalist whack-job church -- any purchase of birth control gets you sacked for not being fruitful and multiplying enough.

    3. Perscriptions. Your employer probably already knows if you're on the company insurance plan, and your insurance company certainly knows unless you self pay. But again, insurance co. would love to know as much as possible about you, legal or not. They're not going to tell you they went through your trash.

    4. Books. Again, I think we'd assume for harassment purposes that you read any book you buy. Whole categories of readers could be assumed to be untrustworty in their jobs because of their reading habits. Jobs with secrets, or working with children, or the elderly, or in a pharmacy, just to name a few.

    I imagine someone paid to come up with evil things to do with personal infomation (like HR director or Insurance risk-analyst) could make a much longer list than mine.

    Also, with regard to "throwing FUD out there" . . . the "U" is "uncertainty", the unknown. You cannot, by definition, enumerate the unknown. It's difficult to discuss the future without some degree of speculation.

    --
    I am not a crackpot.
  13. I'm taking out a patent for a faraday cage lined.. by NecrosisLabs · · Score: 2, Interesting
    ..trashcan.

    I'm trying not to be paranoid about this stuff, and I understand the need for companies to make a buck, but this stuff just gives me the willies.

    I also have a dream about those "loyalty" cards that are used to track shopping habits, it goes like this:

    At the common areas in a public place (office, gym, whatever) there is a fishbowl filled with these loyalty cards. You need to go grocery shopping, so you go over, and pull out one for the store that you need, tossing in the one that is already in your wallet. You shop, and get the "discount" (as opposed to my perspective that I resent having to pay a premium to retain my privacy). Next week, you happen to be somewhere else before you go shopping. Toss in that last card, grab a new one! This would really do a number on their datamining accuracy.

    I'm aware that some people use these cards for check validation and suchlike. This would only work for those who have them for the discount.

  14. Re:Someone already tried microwaving the euros! by badfish99 · · Score: 2, Interesting
    What I want now is a note detector. It needs a range of about 10 feet, and a little screen that says how much money it is detecting, and shows a little arrow pointing in the right direction.

    This will be extremely useful for my new career as a pick-pocket.